2 * snat.c - simple nat plugin
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 #include <vnet/ip/ip4.h>
21 #include <vnet/plugin/plugin.h>
22 #include <vlibapi/api.h>
23 #include <snat/snat.h>
24 #include <snat/snat_ipfix_logging.h>
25 #include <vnet/fib/fib_table.h>
26 #include <vnet/fib/ip4_fib.h>
28 #include <vlibapi/api.h>
29 #include <vlibmemory/api.h>
30 #include <vlibsocket/api.h>
32 snat_main_t snat_main;
34 /* define message IDs */
35 #include <snat/snat_msg_enum.h>
37 /* define message structures */
39 #include <snat/snat_all_api_h.h>
42 /* define generated endian-swappers */
44 #include <snat/snat_all_api_h.h>
47 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
49 /* Get the API version number */
50 #define vl_api_version(n,v) static u32 api_version=(v);
51 #include <snat/snat_all_api_h.h>
54 /* Macro to finish up custom dump fns */
57 vl_print (handle, (char *)s); \
62 * A handy macro to set up a message reply.
63 * Assumes that the following variables are available:
64 * mp - pointer to request message
65 * rmp - pointer to reply message type
69 #define REPLY_MACRO(t) \
71 unix_shared_memory_queue_t * q = \
72 vl_api_client_index_to_input_queue (mp->client_index); \
76 rmp = vl_msg_api_alloc (sizeof (*rmp)); \
77 rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \
78 rmp->context = mp->context; \
79 rmp->retval = ntohl(rv); \
81 vl_msg_api_send_shmem (q, (u8 *)&rmp); \
84 #define REPLY_MACRO2(t, body) \
86 unix_shared_memory_queue_t * q = \
87 vl_api_client_index_to_input_queue (mp->client_index); \
91 rmp = vl_msg_api_alloc (sizeof (*rmp)); \
92 rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \
93 rmp->context = mp->context; \
94 rmp->retval = ntohl(rv); \
95 do {body;} while (0); \
96 vl_msg_api_send_shmem (q, (u8 *)&rmp); \
100 /* Hook up input features */
101 VNET_FEATURE_INIT (ip4_snat_in2out, static) = {
102 .arc_name = "ip4-unicast",
103 .node_name = "snat-in2out",
104 .runs_before = VNET_FEATURES ("snat-out2in"),
106 VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
107 .arc_name = "ip4-unicast",
108 .node_name = "snat-out2in",
109 .runs_before = VNET_FEATURES ("ip4-lookup"),
111 VNET_FEATURE_INIT (ip4_snat_in2out_worker_handoff, static) = {
112 .arc_name = "ip4-unicast",
113 .node_name = "snat-in2out-worker-handoff",
114 .runs_before = VNET_FEATURES ("snat-out2in-worker-handoff"),
116 VNET_FEATURE_INIT (ip4_snat_out2in_worker_handoff, static) = {
117 .arc_name = "ip4-unicast",
118 .node_name = "snat-out2in-worker-handoff",
119 .runs_before = VNET_FEATURES ("ip4-lookup"),
121 VNET_FEATURE_INIT (ip4_snat_in2out_fast, static) = {
122 .arc_name = "ip4-unicast",
123 .node_name = "snat-in2out-fast",
124 .runs_before = VNET_FEATURES ("snat-out2in-fast"),
126 VNET_FEATURE_INIT (ip4_snat_out2in_fast, static) = {
127 .arc_name = "ip4-unicast",
128 .node_name = "snat-out2in-fast",
129 .runs_before = VNET_FEATURES ("ip4-lookup"),
134 * This routine exists to convince the vlib plugin framework that
135 * we haven't accidentally copied a random .dll into the plugin directory.
137 * Also collects global variable pointers passed from the vpp engine
141 vlib_plugin_register (vlib_main_t * vm, vnet_plugin_handoff_t * h,
144 snat_main_t * sm = &snat_main;
145 clib_error_t * error = 0;
148 sm->vnet_main = h->vnet_main;
149 sm->ethernet_main = h->ethernet_main;
154 /*$$$$$ move to an installed header file */
155 #if (1 || CLIB_DEBUG > 0) /* "trust, but verify" */
157 #define VALIDATE_SW_IF_INDEX(mp) \
158 do { u32 __sw_if_index = ntohl(mp->sw_if_index); \
159 vnet_main_t *__vnm = vnet_get_main(); \
160 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
162 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
163 goto bad_sw_if_index; \
167 #define BAD_SW_IF_INDEX_LABEL \
173 #define VALIDATE_RX_SW_IF_INDEX(mp) \
174 do { u32 __rx_sw_if_index = ntohl(mp->rx_sw_if_index); \
175 vnet_main_t *__vnm = vnet_get_main(); \
176 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
177 __rx_sw_if_index)) { \
178 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
179 goto bad_rx_sw_if_index; \
183 #define BAD_RX_SW_IF_INDEX_LABEL \
185 bad_rx_sw_if_index: \
189 #define VALIDATE_TX_SW_IF_INDEX(mp) \
190 do { u32 __tx_sw_if_index = ntohl(mp->tx_sw_if_index); \
191 vnet_main_t *__vnm = vnet_get_main(); \
192 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
193 __tx_sw_if_index)) { \
194 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
195 goto bad_tx_sw_if_index; \
199 #define BAD_TX_SW_IF_INDEX_LABEL \
201 bad_tx_sw_if_index: \
207 #define VALIDATE_SW_IF_INDEX(mp)
208 #define BAD_SW_IF_INDEX_LABEL
209 #define VALIDATE_RX_SW_IF_INDEX(mp)
210 #define BAD_RX_SW_IF_INDEX_LABEL
211 #define VALIDATE_TX_SW_IF_INDEX(mp)
212 #define BAD_TX_SW_IF_INDEX_LABEL
214 #endif /* CLIB_DEBUG > 0 */
217 * @brief Add/del NAT address to FIB.
219 * Add the external NAT address to the FIB as receive entries. This ensures
220 * that VPP will reply to ARP for this address and we don't need to enable
221 * proxy ARP on the outside interface.
223 * @param addr IPv4 address.
224 * @param sw_if_index Interface.
225 * @param is_add If 0 delete, otherwise add.
228 snat_add_del_addr_to_fib (ip4_address_t * addr, u32 sw_if_index, int is_add)
230 fib_prefix_t prefix = {
232 .fp_proto = FIB_PROTOCOL_IP4,
234 .ip4.as_u32 = addr->as_u32,
237 u32 fib_index = ip4_fib_table_get_index_for_sw_if_index(sw_if_index);
240 fib_table_entry_update_one_path(fib_index,
242 FIB_SOURCE_PLUGIN_HI,
243 (FIB_ENTRY_FLAG_CONNECTED |
244 FIB_ENTRY_FLAG_LOCAL |
245 FIB_ENTRY_FLAG_EXCLUSIVE),
252 FIB_ROUTE_PATH_FLAG_NONE);
254 fib_table_entry_delete(fib_index,
256 FIB_SOURCE_PLUGIN_HI);
259 void snat_add_address (snat_main_t *sm, ip4_address_t *addr)
264 /* Check if address already exists */
265 vec_foreach (ap, sm->addresses)
267 if (ap->addr.as_u32 == addr->as_u32)
271 vec_add2 (sm->addresses, ap, 1);
273 #define _(N, i, n, s) \
274 clib_bitmap_alloc (ap->busy_##n##_port_bitmap, 65535);
275 foreach_snat_protocol
278 /* Add external address to FIB */
279 pool_foreach (i, sm->interfaces,
284 snat_add_del_addr_to_fib(addr, i->sw_if_index, 1);
289 static int is_snat_address_used_in_static_mapping (snat_main_t *sm,
292 snat_static_mapping_t *m;
293 pool_foreach (m, sm->static_mappings,
295 if (m->external_addr.as_u32 == addr.as_u32)
302 static void increment_v4_address (ip4_address_t * a)
306 v = clib_net_to_host_u32(a->as_u32) + 1;
307 a->as_u32 = clib_host_to_net_u32(v);
311 snat_add_static_mapping_when_resolved (snat_main_t * sm,
312 ip4_address_t l_addr,
317 snat_protocol_t proto,
321 snat_static_map_resolve_t *rp;
323 vec_add2 (sm->to_resolve, rp, 1);
324 rp->l_addr.as_u32 = l_addr.as_u32;
326 rp->sw_if_index = sw_if_index;
330 rp->addr_only = addr_only;
335 * @brief Add static mapping.
337 * Create static mapping between local addr+port and external addr+port.
339 * @param l_addr Local IPv4 address.
340 * @param e_addr External IPv4 address.
341 * @param l_port Local port number.
342 * @param e_port External port number.
343 * @param vrf_id VRF ID.
344 * @param addr_only If 0 address port and pair mapping, otherwise address only.
345 * @param sw_if_index External port instead of specific IP address.
346 * @param is_add If 0 delete static mapping, otherwise add.
350 int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
351 u16 l_port, u16 e_port, u32 vrf_id, int addr_only,
352 u32 sw_if_index, snat_protocol_t proto, int is_add)
354 snat_main_t * sm = &snat_main;
355 snat_static_mapping_t *m;
356 snat_session_key_t m_key;
357 clib_bihash_kv_8_8_t kv, value;
358 snat_address_t *a = 0;
361 snat_interface_t *interface;
364 /* If outside FIB index is not resolved yet */
365 if (sm->outside_fib_index == ~0)
367 p = hash_get (sm->ip4_main->fib_index_by_table_id, sm->outside_vrf_id);
369 return VNET_API_ERROR_NO_SUCH_FIB;
370 sm->outside_fib_index = p[0];
373 /* If the external address is a specific interface address */
374 if (sw_if_index != ~0)
376 ip4_address_t * first_int_addr;
378 /* Might be already set... */
379 first_int_addr = ip4_interface_first_address
380 (sm->ip4_main, sw_if_index, 0 /* just want the address*/);
382 /* DHCP resolution required? */
383 if (first_int_addr == 0)
385 snat_add_static_mapping_when_resolved
386 (sm, l_addr, l_port, sw_if_index, e_port, vrf_id, proto,
391 e_addr.as_u32 = first_int_addr->as_u32;
395 m_key.port = addr_only ? 0 : e_port;
396 m_key.protocol = addr_only ? 0 : proto;
397 m_key.fib_index = sm->outside_fib_index;
398 kv.key = m_key.as_u64;
399 if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
402 m = pool_elt_at_index (sm->static_mappings, value.value);
407 return VNET_API_ERROR_VALUE_EXIST;
409 /* Convert VRF id to FIB index */
412 p = hash_get (sm->ip4_main->fib_index_by_table_id, vrf_id);
414 return VNET_API_ERROR_NO_SUCH_FIB;
417 /* If not specified use inside VRF id from SNAT plugin startup config */
420 if (sm->inside_fib_index == ~0)
422 p = hash_get (sm->ip4_main->fib_index_by_table_id, sm->inside_vrf_id);
424 return VNET_API_ERROR_NO_SUCH_FIB;
426 sm->inside_fib_index = fib_index;
429 fib_index = sm->inside_fib_index;
431 vrf_id = sm->inside_vrf_id;
434 /* Find external address in allocated addresses and reserve port for
435 address and port pair mapping when dynamic translations enabled */
436 if (!addr_only && !(sm->static_mapping_only))
438 for (i = 0; i < vec_len (sm->addresses); i++)
440 if (sm->addresses[i].addr.as_u32 == e_addr.as_u32)
442 a = sm->addresses + i;
443 /* External port must be unused */
446 #define _(N, j, n, s) \
447 case SNAT_PROTOCOL_##N: \
448 if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, e_port)) \
449 return VNET_API_ERROR_INVALID_VALUE; \
450 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, e_port, 1); \
452 a->busy_##n##_ports++; \
454 foreach_snat_protocol
457 clib_warning("unknown_protocol");
458 return VNET_API_ERROR_INVALID_VALUE_2;
463 /* External address must be allocated */
465 return VNET_API_ERROR_NO_SUCH_ENTRY;
468 pool_get (sm->static_mappings, m);
469 memset (m, 0, sizeof (*m));
470 m->local_addr = l_addr;
471 m->external_addr = e_addr;
472 m->addr_only = addr_only;
474 m->fib_index = fib_index;
477 m->local_port = l_port;
478 m->external_port = e_port;
482 m_key.addr = m->local_addr;
483 m_key.port = m->local_port;
484 m_key.protocol = m->proto;
485 m_key.fib_index = m->fib_index;
486 kv.key = m_key.as_u64;
487 kv.value = m - sm->static_mappings;
488 clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 1);
490 m_key.addr = m->external_addr;
491 m_key.port = m->external_port;
492 m_key.fib_index = sm->outside_fib_index;
493 kv.key = m_key.as_u64;
494 kv.value = m - sm->static_mappings;
495 clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 1);
500 snat_user_key_t w_key0;
501 snat_worker_key_t w_key1;
503 w_key0.addr = m->local_addr;
504 w_key0.fib_index = m->fib_index;
505 kv.key = w_key0.as_u64;
507 if (clib_bihash_search_8_8 (&sm->worker_by_in, &kv, &value))
509 kv.value = sm->first_worker_index +
510 sm->workers[sm->next_worker++ % vec_len (sm->workers)];
512 clib_bihash_add_del_8_8 (&sm->worker_by_in, &kv, 1);
516 kv.value = value.value;
519 w_key1.addr = m->external_addr;
520 w_key1.port = clib_host_to_net_u16 (m->external_port);
521 w_key1.fib_index = sm->outside_fib_index;
522 kv.key = w_key1.as_u64;
523 clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv, 1);
529 return VNET_API_ERROR_NO_SUCH_ENTRY;
531 /* Free external address port */
532 if (!addr_only && !(sm->static_mapping_only))
534 for (i = 0; i < vec_len (sm->addresses); i++)
536 if (sm->addresses[i].addr.as_u32 == e_addr.as_u32)
538 a = sm->addresses + i;
541 #define _(N, j, n, s) \
542 case SNAT_PROTOCOL_##N: \
543 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, e_port, 0); \
545 a->busy_##n##_ports--; \
547 foreach_snat_protocol
550 clib_warning("unknown_protocol");
551 return VNET_API_ERROR_INVALID_VALUE_2;
558 m_key.addr = m->local_addr;
559 m_key.port = m->local_port;
560 m_key.protocol = m->proto;
561 m_key.fib_index = m->fib_index;
562 kv.key = m_key.as_u64;
563 clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0);
565 m_key.addr = m->external_addr;
566 m_key.port = m->external_port;
567 m_key.fib_index = sm->outside_fib_index;
568 kv.key = m_key.as_u64;
569 clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 0);
571 /* Delete session(s) for static mapping if exist */
572 if (!(sm->static_mapping_only) ||
573 (sm->static_mapping_only && sm->static_mapping_connection_tracking))
575 snat_user_key_t u_key;
577 dlist_elt_t * head, * elt;
578 u32 elt_index, head_index, del_elt_index;
582 snat_main_per_thread_data_t *tsm;
584 u_key.addr = m->local_addr;
585 u_key.fib_index = m->fib_index;
586 kv.key = u_key.as_u64;
587 if (!clib_bihash_search_8_8 (&sm->user_hash, &kv, &value))
589 user_index = value.value;
590 if (!clib_bihash_search_8_8 (&sm->worker_by_in, &kv, &value))
591 tsm = vec_elt_at_index (sm->per_thread_data, value.value);
593 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
594 u = pool_elt_at_index (tsm->users, user_index);
595 if (u->nstaticsessions)
597 head_index = u->sessions_per_user_list_head_index;
598 head = pool_elt_at_index (tsm->list_pool, head_index);
599 elt_index = head->next;
600 elt = pool_elt_at_index (tsm->list_pool, elt_index);
601 ses_index = elt->value;
602 while (ses_index != ~0)
604 s = pool_elt_at_index (tsm->sessions, ses_index);
605 del_elt_index = elt_index;
606 elt_index = elt->next;
607 elt = pool_elt_at_index (tsm->list_pool, elt_index);
608 ses_index = elt->value;
612 if ((s->out2in.addr.as_u32 != e_addr.as_u32) &&
613 (clib_net_to_host_u16 (s->out2in.port) != e_port))
618 snat_ipfix_logging_nat44_ses_delete(s->in2out.addr.as_u32,
619 s->out2in.addr.as_u32,
623 s->in2out.fib_index);
625 value.key = s->in2out.as_u64;
626 clib_bihash_add_del_8_8 (&sm->in2out, &value, 0);
627 value.key = s->out2in.as_u64;
628 clib_bihash_add_del_8_8 (&sm->out2in, &value, 0);
629 pool_put (tsm->sessions, s);
631 clib_dlist_remove (tsm->list_pool, del_elt_index);
632 pool_put_index (tsm->list_pool, del_elt_index);
633 u->nstaticsessions--;
640 pool_put (tsm->users, u);
641 clib_bihash_add_del_8_8 (&sm->user_hash, &kv, 0);
647 /* Delete static mapping from pool */
648 pool_put (sm->static_mappings, m);
654 /* Add/delete external address to FIB */
655 pool_foreach (interface, sm->interfaces,
657 if (interface->is_inside)
660 snat_add_del_addr_to_fib(&e_addr, interface->sw_if_index, is_add);
667 int snat_del_address (snat_main_t *sm, ip4_address_t addr, u8 delete_sm)
669 snat_address_t *a = 0;
671 u32 *ses_to_be_removed = 0, *ses_index;
672 clib_bihash_kv_8_8_t kv, value;
673 snat_user_key_t user_key;
675 snat_main_per_thread_data_t *tsm;
676 snat_static_mapping_t *m;
677 snat_interface_t *interface;
680 /* Find SNAT address */
681 for (i=0; i < vec_len (sm->addresses); i++)
683 if (sm->addresses[i].addr.as_u32 == addr.as_u32)
685 a = sm->addresses + i;
690 return VNET_API_ERROR_NO_SUCH_ENTRY;
694 pool_foreach (m, sm->static_mappings,
696 if (m->external_addr.as_u32 == addr.as_u32)
697 (void) snat_add_static_mapping (m->local_addr, m->external_addr,
698 m->local_port, m->external_port,
699 m->vrf_id, m->addr_only, ~0,
705 /* Check if address is used in some static mapping */
706 if (is_snat_address_used_in_static_mapping(sm, addr))
708 clib_warning ("address used in static mapping");
709 return VNET_API_ERROR_UNSPECIFIED;
713 /* Delete sessions using address */
714 if (a->busy_tcp_ports || a->busy_udp_ports || a->busy_icmp_ports)
716 vec_foreach (tsm, sm->per_thread_data)
718 pool_foreach (ses, tsm->sessions, ({
719 if (ses->out2in.addr.as_u32 == addr.as_u32)
722 snat_ipfix_logging_nat44_ses_delete(ses->in2out.addr.as_u32,
723 ses->out2in.addr.as_u32,
724 ses->in2out.protocol,
727 ses->in2out.fib_index);
728 vec_add1 (ses_to_be_removed, ses - tsm->sessions);
729 kv.key = ses->in2out.as_u64;
730 clib_bihash_add_del_8_8 (&sm->in2out, &kv, 0);
731 kv.key = ses->out2in.as_u64;
732 clib_bihash_add_del_8_8 (&sm->out2in, &kv, 0);
733 clib_dlist_remove (tsm->list_pool, ses->per_user_index);
734 user_key.addr = ses->in2out.addr;
735 user_key.fib_index = ses->in2out.fib_index;
736 kv.key = user_key.as_u64;
737 if (!clib_bihash_search_8_8 (&sm->user_hash, &kv, &value))
739 u = pool_elt_at_index (tsm->users, value.value);
745 vec_foreach (ses_index, ses_to_be_removed)
746 pool_put_index (tsm->sessions, ses_index[0]);
748 vec_free (ses_to_be_removed);
752 vec_del1 (sm->addresses, i);
754 /* Delete external address from FIB */
755 pool_foreach (interface, sm->interfaces,
757 if (interface->is_inside)
760 snat_add_del_addr_to_fib(&addr, interface->sw_if_index, 0);
767 static int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del)
769 snat_main_t *sm = &snat_main;
771 const char * feature_name;
773 snat_static_mapping_t * m;
775 if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
776 feature_name = is_inside ? "snat-in2out-fast" : "snat-out2in-fast";
779 if (sm->num_workers > 1)
780 feature_name = is_inside ? "snat-in2out-worker-handoff" : "snat-out2in-worker-handoff";
782 feature_name = is_inside ? "snat-in2out" : "snat-out2in";
785 vnet_feature_enable_disable ("ip4-unicast", feature_name, sw_if_index,
788 if (sm->fq_in2out_index == ~0)
789 sm->fq_in2out_index = vlib_frame_queue_main_init (snat_in2out_node.index, 0);
791 if (sm->fq_out2in_index == ~0)
792 sm->fq_out2in_index = vlib_frame_queue_main_init (snat_out2in_node.index, 0);
794 pool_foreach (i, sm->interfaces,
796 if (i->sw_if_index == sw_if_index)
799 pool_put (sm->interfaces, i);
801 return VNET_API_ERROR_VALUE_EXIST;
808 return VNET_API_ERROR_NO_SUCH_ENTRY;
810 pool_get (sm->interfaces, i);
811 i->sw_if_index = sw_if_index;
812 i->is_inside = is_inside;
814 /* Add/delete external addresses to FIB */
819 vec_foreach (ap, sm->addresses)
820 snat_add_del_addr_to_fib(&ap->addr, sw_if_index, !is_del);
822 pool_foreach (m, sm->static_mappings,
827 snat_add_del_addr_to_fib(&m->external_addr, sw_if_index, !is_del);
833 static int snat_set_workers (uword * bitmap)
835 snat_main_t *sm = &snat_main;
838 if (sm->num_workers < 2)
839 return VNET_API_ERROR_FEATURE_DISABLED;
841 if (clib_bitmap_last_set (bitmap) >= sm->num_workers)
842 return VNET_API_ERROR_INVALID_WORKER;
844 vec_free (sm->workers);
845 clib_bitmap_foreach (i, bitmap,
847 vec_add1(sm->workers, i);
854 vl_api_snat_add_address_range_t_handler
855 (vl_api_snat_add_address_range_t * mp)
857 snat_main_t * sm = &snat_main;
858 vl_api_snat_add_address_range_reply_t * rmp;
859 ip4_address_t this_addr;
860 u32 start_host_order, end_host_order;
867 rv = VNET_API_ERROR_UNIMPLEMENTED;
871 if (sm->static_mapping_only)
873 rv = VNET_API_ERROR_FEATURE_DISABLED;
877 tmp = (u32 *) mp->first_ip_address;
878 start_host_order = clib_host_to_net_u32 (tmp[0]);
879 tmp = (u32 *) mp->last_ip_address;
880 end_host_order = clib_host_to_net_u32 (tmp[0]);
882 count = (end_host_order - start_host_order) + 1;
885 clib_warning ("%U - %U, %d addresses...",
886 format_ip4_address, mp->first_ip_address,
887 format_ip4_address, mp->last_ip_address,
890 memcpy (&this_addr.as_u8, mp->first_ip_address, 4);
892 for (i = 0; i < count; i++)
895 snat_add_address (sm, &this_addr);
897 rv = snat_del_address (sm, this_addr, 0);
902 increment_v4_address (&this_addr);
906 REPLY_MACRO (VL_API_SNAT_ADD_ADDRESS_RANGE_REPLY);
909 static void *vl_api_snat_add_address_range_t_print
910 (vl_api_snat_add_address_range_t *mp, void * handle)
914 s = format (0, "SCRIPT: snat_add_address_range ");
915 s = format (s, "%U ", format_ip4_address, mp->first_ip_address);
916 if (memcmp (mp->first_ip_address, mp->last_ip_address, 4))
918 s = format (s, " - %U ", format_ip4_address, mp->last_ip_address);
924 send_snat_address_details
925 (snat_address_t * a, unix_shared_memory_queue_t * q, u32 context)
927 vl_api_snat_address_details_t *rmp;
928 snat_main_t * sm = &snat_main;
930 rmp = vl_msg_api_alloc (sizeof (*rmp));
931 memset (rmp, 0, sizeof (*rmp));
932 rmp->_vl_msg_id = ntohs (VL_API_SNAT_ADDRESS_DETAILS+sm->msg_id_base);
934 clib_memcpy (rmp->ip_address, &(a->addr), 4);
935 rmp->context = context;
937 vl_msg_api_send_shmem (q, (u8 *) & rmp);
941 vl_api_snat_address_dump_t_handler
942 (vl_api_snat_address_dump_t * mp)
944 unix_shared_memory_queue_t *q;
945 snat_main_t * sm = &snat_main;
948 q = vl_api_client_index_to_input_queue (mp->client_index);
952 vec_foreach (a, sm->addresses)
953 send_snat_address_details (a, q, mp->context);
956 static void *vl_api_snat_address_dump_t_print
957 (vl_api_snat_address_dump_t *mp, void * handle)
961 s = format (0, "SCRIPT: snat_address_dump ");
967 vl_api_snat_interface_add_del_feature_t_handler
968 (vl_api_snat_interface_add_del_feature_t * mp)
970 snat_main_t * sm = &snat_main;
971 vl_api_snat_interface_add_del_feature_reply_t * rmp;
972 u8 is_del = mp->is_add == 0;
973 u32 sw_if_index = ntohl(mp->sw_if_index);
976 VALIDATE_SW_IF_INDEX(mp);
978 rv = snat_interface_add_del (sw_if_index, mp->is_inside, is_del);
980 BAD_SW_IF_INDEX_LABEL;
982 REPLY_MACRO(VL_API_SNAT_INTERFACE_ADD_DEL_FEATURE_REPLY);
985 static void *vl_api_snat_interface_add_del_feature_t_print
986 (vl_api_snat_interface_add_del_feature_t * mp, void *handle)
990 s = format (0, "SCRIPT: snat_interface_add_del_feature ");
991 s = format (s, "sw_if_index %d %s %s",
992 clib_host_to_net_u32(mp->sw_if_index),
993 mp->is_inside ? "in":"out",
994 mp->is_add ? "" : "del");
1000 send_snat_interface_details
1001 (snat_interface_t * i, unix_shared_memory_queue_t * q, u32 context)
1003 vl_api_snat_interface_details_t *rmp;
1004 snat_main_t * sm = &snat_main;
1006 rmp = vl_msg_api_alloc (sizeof (*rmp));
1007 memset (rmp, 0, sizeof (*rmp));
1008 rmp->_vl_msg_id = ntohs (VL_API_SNAT_INTERFACE_DETAILS+sm->msg_id_base);
1009 rmp->sw_if_index = ntohl (i->sw_if_index);
1010 rmp->is_inside = i->is_inside;
1011 rmp->context = context;
1013 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1017 vl_api_snat_interface_dump_t_handler
1018 (vl_api_snat_interface_dump_t * mp)
1020 unix_shared_memory_queue_t *q;
1021 snat_main_t * sm = &snat_main;
1022 snat_interface_t * i;
1024 q = vl_api_client_index_to_input_queue (mp->client_index);
1028 pool_foreach (i, sm->interfaces,
1030 send_snat_interface_details(i, q, mp->context);
1034 static void *vl_api_snat_interface_dump_t_print
1035 (vl_api_snat_interface_dump_t *mp, void * handle)
1039 s = format (0, "SCRIPT: snat_interface_dump ");
1044 vl_api_snat_add_static_mapping_t_handler
1045 (vl_api_snat_add_static_mapping_t * mp)
1047 snat_main_t * sm = &snat_main;
1048 vl_api_snat_add_static_mapping_reply_t * rmp;
1049 ip4_address_t local_addr, external_addr;
1050 u16 local_port = 0, external_port = 0;
1051 u32 vrf_id, external_sw_if_index;
1053 snat_protocol_t proto;
1055 if (mp->is_ip4 != 1)
1057 rv = VNET_API_ERROR_UNIMPLEMENTED;
1061 memcpy (&local_addr.as_u8, mp->local_ip_address, 4);
1062 memcpy (&external_addr.as_u8, mp->external_ip_address, 4);
1063 if (mp->addr_only == 0)
1065 local_port = clib_net_to_host_u16 (mp->local_port);
1066 external_port = clib_net_to_host_u16 (mp->external_port);
1068 vrf_id = clib_net_to_host_u32 (mp->vrf_id);
1069 external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index);
1070 proto = ip_proto_to_snat_proto (mp->protocol);
1072 rv = snat_add_static_mapping(local_addr, external_addr, local_port,
1073 external_port, vrf_id, mp->addr_only,
1074 external_sw_if_index, proto, mp->is_add);
1077 REPLY_MACRO (VL_API_SNAT_ADD_ADDRESS_RANGE_REPLY);
1080 static void *vl_api_snat_add_static_mapping_t_print
1081 (vl_api_snat_add_static_mapping_t *mp, void * handle)
1085 s = format (0, "SCRIPT: snat_add_static_mapping ");
1086 s = format (s, "protocol %d local_addr %U external_addr %U ",
1088 format_ip4_address, mp->local_ip_address,
1089 format_ip4_address, mp->external_ip_address);
1091 if (mp->addr_only == 0)
1092 s = format (s, "local_port %d external_port %d ",
1093 clib_net_to_host_u16 (mp->local_port),
1094 clib_net_to_host_u16 (mp->external_port));
1096 if (mp->vrf_id != ~0)
1097 s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id));
1099 if (mp->external_sw_if_index != ~0)
1100 s = format (s, "external_sw_if_index %d",
1101 clib_net_to_host_u32 (mp->external_sw_if_index));
1106 send_snat_static_mapping_details
1107 (snat_static_mapping_t * m, unix_shared_memory_queue_t * q, u32 context)
1109 vl_api_snat_static_mapping_details_t *rmp;
1110 snat_main_t * sm = &snat_main;
1112 rmp = vl_msg_api_alloc (sizeof (*rmp));
1113 memset (rmp, 0, sizeof (*rmp));
1114 rmp->_vl_msg_id = ntohs (VL_API_SNAT_STATIC_MAPPING_DETAILS+sm->msg_id_base);
1116 rmp->addr_only = m->addr_only;
1117 clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4);
1118 clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4);
1119 rmp->local_port = htons (m->local_port);
1120 rmp->external_port = htons (m->external_port);
1121 rmp->vrf_id = htonl (m->vrf_id);
1122 rmp->protocol = snat_proto_to_ip_proto (m->proto);
1123 rmp->context = context;
1125 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1129 vl_api_snat_static_mapping_dump_t_handler
1130 (vl_api_snat_static_mapping_dump_t * mp)
1132 unix_shared_memory_queue_t *q;
1133 snat_main_t * sm = &snat_main;
1134 snat_static_mapping_t * m;
1136 q = vl_api_client_index_to_input_queue (mp->client_index);
1140 pool_foreach (m, sm->static_mappings,
1142 send_snat_static_mapping_details (m, q, mp->context);
1146 static void *vl_api_snat_static_mapping_dump_t_print
1147 (vl_api_snat_static_mapping_dump_t *mp, void * handle)
1151 s = format (0, "SCRIPT: snat_static_mapping_dump ");
1157 vl_api_snat_control_ping_t_handler
1158 (vl_api_snat_control_ping_t * mp)
1160 vl_api_snat_control_ping_reply_t *rmp;
1161 snat_main_t * sm = &snat_main;
1164 REPLY_MACRO2(VL_API_SNAT_CONTROL_PING_REPLY,
1166 rmp->vpe_pid = ntohl (getpid());
1170 static void *vl_api_snat_control_ping_t_print
1171 (vl_api_snat_control_ping_t *mp, void * handle)
1175 s = format (0, "SCRIPT: snat_control_ping ");
1181 vl_api_snat_show_config_t_handler
1182 (vl_api_snat_show_config_t * mp)
1184 vl_api_snat_show_config_reply_t *rmp;
1185 snat_main_t * sm = &snat_main;
1188 REPLY_MACRO2(VL_API_SNAT_SHOW_CONFIG_REPLY,
1190 rmp->translation_buckets = htonl (sm->translation_buckets);
1191 rmp->translation_memory_size = htonl (sm->translation_memory_size);
1192 rmp->user_buckets = htonl (sm->user_buckets);
1193 rmp->user_memory_size = htonl (sm->user_memory_size);
1194 rmp->max_translations_per_user = htonl (sm->max_translations_per_user);
1195 rmp->outside_vrf_id = htonl (sm->outside_vrf_id);
1196 rmp->inside_vrf_id = htonl (sm->inside_vrf_id);
1197 rmp->static_mapping_only = sm->static_mapping_only;
1198 rmp->static_mapping_connection_tracking =
1199 sm->static_mapping_connection_tracking;
1203 static void *vl_api_snat_show_config_t_print
1204 (vl_api_snat_show_config_t *mp, void * handle)
1208 s = format (0, "SCRIPT: snat_show_config ");
1214 vl_api_snat_set_workers_t_handler
1215 (vl_api_snat_set_workers_t * mp)
1217 snat_main_t * sm = &snat_main;
1218 vl_api_snat_set_workers_reply_t * rmp;
1221 u64 mask = clib_net_to_host_u64 (mp->worker_mask);
1223 if (sm->num_workers < 2)
1225 rv = VNET_API_ERROR_FEATURE_DISABLED;
1229 bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask));
1230 rv = snat_set_workers(bitmap);
1231 clib_bitmap_free (bitmap);
1234 REPLY_MACRO (VL_API_SNAT_SET_WORKERS_REPLY);
1237 static void *vl_api_snat_set_workers_t_print
1238 (vl_api_snat_set_workers_t *mp, void * handle)
1244 u64 mask = clib_net_to_host_u64 (mp->worker_mask);
1246 s = format (0, "SCRIPT: snat_set_workers ");
1247 bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask));
1248 clib_bitmap_foreach (i, bitmap,
1251 s = format (s, "%d", i);
1253 s = format (s, ",%d", i);
1256 clib_bitmap_free (bitmap);
1261 send_snat_worker_details
1262 (u32 worker_index, unix_shared_memory_queue_t * q, u32 context)
1264 vl_api_snat_worker_details_t *rmp;
1265 snat_main_t * sm = &snat_main;
1266 vlib_worker_thread_t *w =
1267 vlib_worker_threads + worker_index + sm->first_worker_index;
1269 rmp = vl_msg_api_alloc (sizeof (*rmp));
1270 memset (rmp, 0, sizeof (*rmp));
1271 rmp->_vl_msg_id = ntohs (VL_API_SNAT_WORKER_DETAILS+sm->msg_id_base);
1272 rmp->context = context;
1273 rmp->worker_index = htonl (worker_index);
1274 rmp->lcore_id = htonl (w->lcore_id);
1275 strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1);
1277 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1281 vl_api_snat_worker_dump_t_handler
1282 (vl_api_snat_worker_dump_t * mp)
1284 unix_shared_memory_queue_t *q;
1285 snat_main_t * sm = &snat_main;
1288 q = vl_api_client_index_to_input_queue (mp->client_index);
1292 vec_foreach (worker_index, sm->workers)
1294 send_snat_worker_details(*worker_index, q, mp->context);
1298 static void *vl_api_snat_worker_dump_t_print
1299 (vl_api_snat_worker_dump_t *mp, void * handle)
1303 s = format (0, "SCRIPT: snat_worker_dump ");
1308 static int snat_add_interface_address(snat_main_t *sm,
1313 vl_api_snat_add_del_interface_addr_t_handler
1314 (vl_api_snat_add_del_interface_addr_t * mp)
1316 snat_main_t * sm = &snat_main;
1317 vl_api_snat_add_del_interface_addr_reply_t * rmp;
1318 u8 is_del = mp->is_add == 0;
1319 u32 sw_if_index = ntohl(mp->sw_if_index);
1322 VALIDATE_SW_IF_INDEX(mp);
1324 rv = snat_add_interface_address (sm, sw_if_index, is_del);
1326 BAD_SW_IF_INDEX_LABEL;
1328 REPLY_MACRO(VL_API_SNAT_ADD_DEL_INTERFACE_ADDR_REPLY);
1331 static void *vl_api_snat_add_del_interface_addr_t_print
1332 (vl_api_snat_add_del_interface_addr_t * mp, void *handle)
1336 s = format (0, "SCRIPT: snat_add_del_interface_addr ");
1337 s = format (s, "sw_if_index %d %s",
1338 clib_host_to_net_u32(mp->sw_if_index),
1339 mp->is_add ? "" : "del");
1345 send_snat_interface_addr_details
1346 (u32 sw_if_index, unix_shared_memory_queue_t * q, u32 context)
1348 vl_api_snat_interface_addr_details_t *rmp;
1349 snat_main_t * sm = &snat_main;
1351 rmp = vl_msg_api_alloc (sizeof (*rmp));
1352 memset (rmp, 0, sizeof (*rmp));
1353 rmp->_vl_msg_id = ntohs (VL_API_SNAT_INTERFACE_ADDR_DETAILS+sm->msg_id_base);
1354 rmp->sw_if_index = ntohl (sw_if_index);
1355 rmp->context = context;
1357 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1361 vl_api_snat_interface_addr_dump_t_handler
1362 (vl_api_snat_interface_addr_dump_t * mp)
1364 unix_shared_memory_queue_t *q;
1365 snat_main_t * sm = &snat_main;
1368 q = vl_api_client_index_to_input_queue (mp->client_index);
1372 vec_foreach (i, sm->auto_add_sw_if_indices)
1373 send_snat_interface_addr_details(*i, q, mp->context);
1376 static void *vl_api_snat_interface_addr_dump_t_print
1377 (vl_api_snat_interface_addr_dump_t *mp, void * handle)
1381 s = format (0, "SCRIPT: snat_interface_addr_dump ");
1387 vl_api_snat_ipfix_enable_disable_t_handler
1388 (vl_api_snat_ipfix_enable_disable_t * mp)
1390 snat_main_t * sm = &snat_main;
1391 vl_api_snat_ipfix_enable_disable_reply_t * rmp;
1394 rv = snat_ipfix_logging_enable_disable(mp->enable,
1395 clib_host_to_net_u32 (mp->domain_id),
1396 clib_host_to_net_u16 (mp->src_port));
1398 REPLY_MACRO (VL_API_SNAT_IPFIX_ENABLE_DISABLE_REPLY);
1401 static void *vl_api_snat_ipfix_enable_disable_t_print
1402 (vl_api_snat_ipfix_enable_disable_t *mp, void * handle)
1406 s = format (0, "SCRIPT: snat_ipfix_enable_disable ");
1408 s = format (s, "domain %d ", clib_net_to_host_u32 (mp->domain_id));
1410 s = format (s, "src_port %d ", clib_net_to_host_u16 (mp->src_port));
1412 s = format (s, "disable ");
1417 /* List of message types that this plugin understands */
1418 #define foreach_snat_plugin_api_msg \
1419 _(SNAT_ADD_ADDRESS_RANGE, snat_add_address_range) \
1420 _(SNAT_INTERFACE_ADD_DEL_FEATURE, snat_interface_add_del_feature) \
1421 _(SNAT_ADD_STATIC_MAPPING, snat_add_static_mapping) \
1422 _(SNAT_CONTROL_PING, snat_control_ping) \
1423 _(SNAT_STATIC_MAPPING_DUMP, snat_static_mapping_dump) \
1424 _(SNAT_SHOW_CONFIG, snat_show_config) \
1425 _(SNAT_ADDRESS_DUMP, snat_address_dump) \
1426 _(SNAT_INTERFACE_DUMP, snat_interface_dump) \
1427 _(SNAT_SET_WORKERS, snat_set_workers) \
1428 _(SNAT_WORKER_DUMP, snat_worker_dump) \
1429 _(SNAT_ADD_DEL_INTERFACE_ADDR, snat_add_del_interface_addr) \
1430 _(SNAT_INTERFACE_ADDR_DUMP, snat_interface_addr_dump) \
1431 _(SNAT_IPFIX_ENABLE_DISABLE, snat_ipfix_enable_disable)
1433 /* Set up the API message handling tables */
1434 static clib_error_t *
1435 snat_plugin_api_hookup (vlib_main_t *vm)
1437 snat_main_t * sm __attribute__ ((unused)) = &snat_main;
1439 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
1441 vl_api_##n##_t_handler, \
1443 vl_api_##n##_t_endian, \
1444 vl_api_##n##_t_print, \
1445 sizeof(vl_api_##n##_t), 1);
1446 foreach_snat_plugin_api_msg;
1452 #define vl_msg_name_crc_list
1453 #include <snat/snat_all_api_h.h>
1454 #undef vl_msg_name_crc_list
1457 setup_message_id_table (snat_main_t * sm, api_main_t * am)
1459 #define _(id,n,crc) \
1460 vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base);
1461 foreach_vl_msg_name_crc_snat;
1465 static void plugin_custom_dump_configure (snat_main_t * sm)
1467 #define _(n,f) sm->api_main->msg_print_handlers \
1468 [VL_API_##n + sm->msg_id_base] \
1469 = (void *) vl_api_##f##_t_print;
1470 foreach_snat_plugin_api_msg;
1476 snat_ip4_add_del_interface_address_cb (ip4_main_t * im,
1479 ip4_address_t * address,
1481 u32 if_address_index,
1484 static clib_error_t * snat_init (vlib_main_t * vm)
1486 snat_main_t * sm = &snat_main;
1487 clib_error_t * error = 0;
1488 ip4_main_t * im = &ip4_main;
1489 ip_lookup_main_t * lm = &im->lookup_main;
1492 vlib_thread_registration_t *tr;
1493 vlib_thread_main_t *tm = vlib_get_thread_main ();
1496 ip4_add_del_interface_address_callback_t cb4;
1498 name = format (0, "snat_%08x%c", api_version, 0);
1500 /* Ask for a correctly-sized block of API message decode slots */
1501 sm->msg_id_base = vl_msg_api_get_msg_ids
1502 ((char *) name, VL_MSG_FIRST_AVAILABLE);
1505 sm->vnet_main = vnet_get_main();
1507 sm->ip4_lookup_main = lm;
1508 sm->api_main = &api_main;
1509 sm->first_worker_index = 0;
1510 sm->next_worker = 0;
1511 sm->num_workers = 0;
1513 sm->fq_in2out_index = ~0;
1514 sm->fq_out2in_index = ~0;
1516 p = hash_get_mem (tm->thread_registrations_by_name, "workers");
1519 tr = (vlib_thread_registration_t *) p[0];
1522 sm->num_workers = tr->count;
1523 sm->first_worker_index = tr->first_index;
1527 /* Use all available workers by default */
1528 if (sm->num_workers > 1)
1530 for (i=0; i < sm->num_workers; i++)
1531 bitmap = clib_bitmap_set (bitmap, i, 1);
1532 snat_set_workers(bitmap);
1533 clib_bitmap_free (bitmap);
1536 error = snat_plugin_api_hookup (vm);
1538 /* Add our API messages to the global name_crc hash table */
1539 setup_message_id_table (sm, &api_main);
1541 plugin_custom_dump_configure (sm);
1544 /* Set up the interface address add/del callback */
1545 cb4.function = snat_ip4_add_del_interface_address_cb;
1546 cb4.function_opaque = 0;
1548 vec_add1 (im->add_del_interface_address_callbacks, cb4);
1550 /* Init IPFIX logging */
1551 snat_ipfix_logging_init(vm);
1556 VLIB_INIT_FUNCTION (snat_init);
1558 void snat_free_outside_address_and_port (snat_main_t * sm,
1559 snat_session_key_t * k,
1563 u16 port_host_byte_order = clib_net_to_host_u16 (k->port);
1565 ASSERT (address_index < vec_len (sm->addresses));
1567 a = sm->addresses + address_index;
1569 switch (k->protocol)
1571 #define _(N, i, n, s) \
1572 case SNAT_PROTOCOL_##N: \
1573 ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
1574 port_host_byte_order) == 1); \
1575 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, \
1576 port_host_byte_order, 0); \
1577 a->busy_##n##_ports--; \
1579 foreach_snat_protocol
1582 clib_warning("unknown_protocol");
1588 * @brief Match SNAT static mapping.
1590 * @param sm SNAT main.
1591 * @param match Address and port to match.
1592 * @param mapping External or local address and port of the matched mapping.
1593 * @param by_external If 0 match by local address otherwise match by external
1596 * @returns 0 if match found otherwise 1.
1598 int snat_static_mapping_match (snat_main_t * sm,
1599 snat_session_key_t match,
1600 snat_session_key_t * mapping,
1603 clib_bihash_kv_8_8_t kv, value;
1604 snat_static_mapping_t *m;
1605 snat_session_key_t m_key;
1606 clib_bihash_8_8_t *mapping_hash = &sm->static_mapping_by_local;
1609 mapping_hash = &sm->static_mapping_by_external;
1611 m_key.addr = match.addr;
1612 m_key.port = clib_net_to_host_u16 (match.port);
1613 m_key.protocol = match.protocol;
1614 m_key.fib_index = match.fib_index;
1616 kv.key = m_key.as_u64;
1618 if (clib_bihash_search_8_8 (mapping_hash, &kv, &value))
1620 /* Try address only mapping */
1623 kv.key = m_key.as_u64;
1624 if (clib_bihash_search_8_8 (mapping_hash, &kv, &value))
1628 m = pool_elt_at_index (sm->static_mappings, value.value);
1632 mapping->addr = m->local_addr;
1633 /* Address only mapping doesn't change port */
1634 mapping->port = m->addr_only ? match.port
1635 : clib_host_to_net_u16 (m->local_port);
1636 mapping->fib_index = m->fib_index;
1640 mapping->addr = m->external_addr;
1641 /* Address only mapping doesn't change port */
1642 mapping->port = m->addr_only ? match.port
1643 : clib_host_to_net_u16 (m->external_port);
1644 mapping->fib_index = sm->outside_fib_index;
1650 int snat_alloc_outside_address_and_port (snat_main_t * sm,
1651 snat_session_key_t * k,
1652 u32 * address_indexp)
1658 for (i = 0; i < vec_len (sm->addresses); i++)
1660 a = sm->addresses + i;
1661 switch (k->protocol)
1663 #define _(N, j, n, s) \
1664 case SNAT_PROTOCOL_##N: \
1665 if (a->busy_##n##_ports < (65535-1024)) \
1669 portnum = random_u32 (&sm->random_seed); \
1670 portnum &= 0xFFFF; \
1671 if (portnum < 1024) \
1673 if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, portnum)) \
1675 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, portnum, 1); \
1676 a->busy_##n##_ports++; \
1677 k->addr = a->addr; \
1678 k->port = clib_host_to_net_u16(portnum); \
1679 *address_indexp = i; \
1684 foreach_snat_protocol
1687 clib_warning("unknown protocol");
1692 /* Totally out of translations to use... */
1693 snat_ipfix_logging_addresses_exhausted(0);
1698 static clib_error_t *
1699 add_address_command_fn (vlib_main_t * vm,
1700 unformat_input_t * input,
1701 vlib_cli_command_t * cmd)
1703 unformat_input_t _line_input, *line_input = &_line_input;
1704 snat_main_t * sm = &snat_main;
1705 ip4_address_t start_addr, end_addr, this_addr;
1706 u32 start_host_order, end_host_order;
1711 /* Get a line of input. */
1712 if (!unformat_user (input, unformat_line_input, line_input))
1715 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1717 if (unformat (line_input, "%U - %U",
1718 unformat_ip4_address, &start_addr,
1719 unformat_ip4_address, &end_addr))
1721 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
1722 end_addr = start_addr;
1723 else if (unformat (line_input, "del"))
1726 return clib_error_return (0, "unknown input '%U'",
1727 format_unformat_error, input);
1729 unformat_free (line_input);
1731 if (sm->static_mapping_only)
1732 return clib_error_return (0, "static mapping only mode");
1734 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
1735 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
1737 if (end_host_order < start_host_order)
1738 return clib_error_return (0, "end address less than start address");
1740 count = (end_host_order - start_host_order) + 1;
1743 clib_warning ("%U - %U, %d addresses...",
1744 format_ip4_address, &start_addr,
1745 format_ip4_address, &end_addr,
1748 this_addr = start_addr;
1750 for (i = 0; i < count; i++)
1753 snat_add_address (sm, &this_addr);
1755 rv = snat_del_address (sm, this_addr, 0);
1759 case VNET_API_ERROR_NO_SUCH_ENTRY:
1760 return clib_error_return (0, "S-NAT address not exist.");
1762 case VNET_API_ERROR_UNSPECIFIED:
1763 return clib_error_return (0, "S-NAT address used in static mapping.");
1769 increment_v4_address (&this_addr);
1775 VLIB_CLI_COMMAND (add_address_command, static) = {
1776 .path = "snat add address",
1777 .short_help = "snat add addresses <ip4-range-start> [- <ip4-range-end>] [del]",
1778 .function = add_address_command_fn,
1781 static clib_error_t *
1782 snat_feature_command_fn (vlib_main_t * vm,
1783 unformat_input_t * input,
1784 vlib_cli_command_t * cmd)
1786 unformat_input_t _line_input, *line_input = &_line_input;
1787 vnet_main_t * vnm = vnet_get_main();
1788 clib_error_t * error = 0;
1790 u32 * inside_sw_if_indices = 0;
1791 u32 * outside_sw_if_indices = 0;
1797 /* Get a line of input. */
1798 if (!unformat_user (input, unformat_line_input, line_input))
1801 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1803 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
1805 vec_add1 (inside_sw_if_indices, sw_if_index);
1806 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
1808 vec_add1 (outside_sw_if_indices, sw_if_index);
1809 else if (unformat (line_input, "del"))
1812 return clib_error_return (0, "unknown input '%U'",
1813 format_unformat_error, input);
1815 unformat_free (line_input);
1817 if (vec_len (inside_sw_if_indices))
1819 for (i = 0; i < vec_len(inside_sw_if_indices); i++)
1821 sw_if_index = inside_sw_if_indices[i];
1822 snat_interface_add_del (sw_if_index, 1, is_del);
1826 if (vec_len (outside_sw_if_indices))
1828 for (i = 0; i < vec_len(outside_sw_if_indices); i++)
1830 sw_if_index = outside_sw_if_indices[i];
1831 snat_interface_add_del (sw_if_index, 0, is_del);
1835 vec_free (inside_sw_if_indices);
1836 vec_free (outside_sw_if_indices);
1841 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
1842 .path = "set interface snat",
1843 .function = snat_feature_command_fn,
1844 .short_help = "set interface snat in <intfc> out <intfc> [del]",
1848 unformat_snat_protocol (unformat_input_t * input, va_list * args)
1850 u32 *r = va_arg (*args, u32 *);
1853 #define _(N, i, n, s) else if (unformat (input, s)) *r = SNAT_PROTOCOL_##N;
1854 foreach_snat_protocol
1862 format_snat_protocol (u8 * s, va_list * args)
1864 u32 i = va_arg (*args, u32);
1869 #define _(N, j, n, str) case SNAT_PROTOCOL_##N: t = (u8 *) str; break;
1870 foreach_snat_protocol
1873 s = format (s, "unknown");
1875 s = format (s, "%s", t);
1879 static clib_error_t *
1880 add_static_mapping_command_fn (vlib_main_t * vm,
1881 unformat_input_t * input,
1882 vlib_cli_command_t * cmd)
1884 unformat_input_t _line_input, *line_input = &_line_input;
1885 clib_error_t * error = 0;
1886 ip4_address_t l_addr, e_addr;
1887 u32 l_port = 0, e_port = 0, vrf_id = ~0;
1890 u32 sw_if_index = ~0;
1891 vnet_main_t * vnm = vnet_get_main();
1893 snat_protocol_t proto;
1895 /* Get a line of input. */
1896 if (!unformat_user (input, unformat_line_input, line_input))
1899 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1901 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
1904 else if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
1906 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
1909 else if (unformat (line_input, "external %U", unformat_ip4_address,
1912 else if (unformat (line_input, "external %U %u",
1913 unformat_vnet_sw_interface, vnm, &sw_if_index,
1917 else if (unformat (line_input, "external %U",
1918 unformat_vnet_sw_interface, vnm, &sw_if_index))
1920 else if (unformat (line_input, "vrf %u", &vrf_id))
1922 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
1924 else if (unformat (line_input, "del"))
1927 return clib_error_return (0, "unknown input: '%U'",
1928 format_unformat_error, line_input);
1930 unformat_free (line_input);
1932 rv = snat_add_static_mapping(l_addr, e_addr, (u16) l_port, (u16) e_port,
1933 vrf_id, addr_only, sw_if_index, proto, is_add);
1937 case VNET_API_ERROR_INVALID_VALUE:
1938 return clib_error_return (0, "External port already in use.");
1940 case VNET_API_ERROR_NO_SUCH_ENTRY:
1942 return clib_error_return (0, "External addres must be allocated.");
1944 return clib_error_return (0, "Mapping not exist.");
1946 case VNET_API_ERROR_NO_SUCH_FIB:
1947 return clib_error_return (0, "No such VRF id.");
1948 case VNET_API_ERROR_VALUE_EXIST:
1949 return clib_error_return (0, "Mapping already exist.");
1959 * @cliexstart{snat add static mapping}
1960 * Static mapping allows hosts on the external network to initiate connection
1961 * to to the local network host.
1962 * To create static mapping between local host address 10.0.0.3 port 6303 and
1963 * external address 4.4.4.4 port 3606 use:
1964 * vpp# snat add static mapping local 10.0.0.3 6303 external 4.4.4.4 3606
1965 * If not runnig "static mapping only" S-NAT plugin mode use before:
1966 * vpp# snat add address 4.4.4.4
1967 * To create static mapping between local and external address use:
1968 * vpp# snat add static mapping local 10.0.0.3 external 4.4.4.4
1971 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
1972 .path = "snat add static mapping",
1973 .function = add_static_mapping_command_fn,
1975 "snat add static mapping local <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]",
1978 static clib_error_t *
1979 set_workers_command_fn (vlib_main_t * vm,
1980 unformat_input_t * input,
1981 vlib_cli_command_t * cmd)
1983 unformat_input_t _line_input, *line_input = &_line_input;
1987 /* Get a line of input. */
1988 if (!unformat_user (input, unformat_line_input, line_input))
1991 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1993 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
1996 return clib_error_return (0, "unknown input '%U'",
1997 format_unformat_error, input);
1999 unformat_free (line_input);
2002 return clib_error_return (0, "List of workers must be specified.");
2004 rv = snat_set_workers(bitmap);
2006 clib_bitmap_free (bitmap);
2010 case VNET_API_ERROR_INVALID_WORKER:
2011 return clib_error_return (0, "Invalid worker(s).");
2013 case VNET_API_ERROR_FEATURE_DISABLED:
2014 return clib_error_return (0,
2015 "Supported only if 2 or more workes available.");
2026 * @cliexstart{set snat workers}
2027 * Set SNAT workers if 2 or more workers available, use:
2028 * vpp# set snat workers 0-2,5
2031 VLIB_CLI_COMMAND (set_workers_command, static) = {
2032 .path = "set snat workers",
2033 .function = set_workers_command_fn,
2035 "set snat workers <workers-list>",
2038 static clib_error_t *
2039 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
2040 unformat_input_t * input,
2041 vlib_cli_command_t * cmd)
2043 unformat_input_t _line_input, *line_input = &_line_input;
2049 /* Get a line of input. */
2050 if (!unformat_user (input, unformat_line_input, line_input))
2053 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2055 if (unformat (line_input, "domain %d", &domain_id))
2057 else if (unformat (line_input, "src-port %d", &src_port))
2059 else if (unformat (line_input, "disable"))
2062 return clib_error_return (0, "unknown input '%U'",
2063 format_unformat_error, input);
2065 unformat_free (line_input);
2067 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
2070 return clib_error_return (0, "ipfix logging enable failed");
2077 * @cliexstart{snat ipfix logging}
2078 * To enable SNAT IPFIX logging use:
2079 * vpp# snat ipfix logging
2080 * To set IPFIX exporter use:
2081 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2084 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2085 .path = "snat ipfix logging",
2086 .function = snat_ipfix_logging_enable_disable_command_fn,
2087 .short_help = "snat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2090 static clib_error_t *
2091 snat_config (vlib_main_t * vm, unformat_input_t * input)
2093 snat_main_t * sm = &snat_main;
2094 u32 translation_buckets = 1024;
2095 u32 translation_memory_size = 128<<20;
2096 u32 user_buckets = 128;
2097 u32 user_memory_size = 64<<20;
2098 u32 max_translations_per_user = 100;
2099 u32 outside_vrf_id = 0;
2100 u32 inside_vrf_id = 0;
2101 u32 static_mapping_buckets = 1024;
2102 u32 static_mapping_memory_size = 64<<20;
2103 u8 static_mapping_only = 0;
2104 u8 static_mapping_connection_tracking = 0;
2105 vlib_thread_main_t *tm = vlib_get_thread_main ();
2107 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2109 if (unformat (input, "translation hash buckets %d", &translation_buckets))
2111 else if (unformat (input, "translation hash memory %d",
2112 &translation_memory_size));
2113 else if (unformat (input, "user hash buckets %d", &user_buckets))
2115 else if (unformat (input, "user hash memory %d",
2118 else if (unformat (input, "max translations per user %d",
2119 &max_translations_per_user))
2121 else if (unformat (input, "outside VRF id %d",
2124 else if (unformat (input, "inside VRF id %d",
2127 else if (unformat (input, "static mapping only"))
2129 static_mapping_only = 1;
2130 if (unformat (input, "connection tracking"))
2131 static_mapping_connection_tracking = 1;
2134 return clib_error_return (0, "unknown input '%U'",
2135 format_unformat_error, input);
2138 /* for show commands, etc. */
2139 sm->translation_buckets = translation_buckets;
2140 sm->translation_memory_size = translation_memory_size;
2141 sm->user_buckets = user_buckets;
2142 sm->user_memory_size = user_memory_size;
2143 sm->max_translations_per_user = max_translations_per_user;
2144 sm->outside_vrf_id = outside_vrf_id;
2145 sm->outside_fib_index = ~0;
2146 sm->inside_vrf_id = inside_vrf_id;
2147 sm->inside_fib_index = ~0;
2148 sm->static_mapping_only = static_mapping_only;
2149 sm->static_mapping_connection_tracking = static_mapping_connection_tracking;
2151 if (!static_mapping_only ||
2152 (static_mapping_only && static_mapping_connection_tracking))
2154 clib_bihash_init_8_8 (&sm->worker_by_in, "worker-by-in", user_buckets,
2157 clib_bihash_init_8_8 (&sm->worker_by_out, "worker-by-out", user_buckets,
2160 vec_validate (sm->per_thread_data, tm->n_vlib_mains - 1);
2162 clib_bihash_init_8_8 (&sm->in2out, "in2out", translation_buckets,
2163 translation_memory_size);
2165 clib_bihash_init_8_8 (&sm->out2in, "out2in", translation_buckets,
2166 translation_memory_size);
2168 clib_bihash_init_8_8 (&sm->user_hash, "users", user_buckets,
2171 clib_bihash_init_8_8 (&sm->static_mapping_by_local,
2172 "static_mapping_by_local", static_mapping_buckets,
2173 static_mapping_memory_size);
2175 clib_bihash_init_8_8 (&sm->static_mapping_by_external,
2176 "static_mapping_by_external", static_mapping_buckets,
2177 static_mapping_memory_size);
2181 VLIB_CONFIG_FUNCTION (snat_config, "snat");
2183 u8 * format_snat_key (u8 * s, va_list * args)
2185 snat_session_key_t * key = va_arg (*args, snat_session_key_t *);
2186 char * protocol_string = "unknown";
2187 static char *protocol_strings[] = {
2193 if (key->protocol < ARRAY_LEN(protocol_strings))
2194 protocol_string = protocol_strings[key->protocol];
2196 s = format (s, "%U proto %s port %d fib %d",
2197 format_ip4_address, &key->addr, protocol_string,
2198 clib_net_to_host_u16 (key->port), key->fib_index);
2202 u8 * format_snat_session (u8 * s, va_list * args)
2204 snat_main_t * sm __attribute__((unused)) = va_arg (*args, snat_main_t *);
2205 snat_session_t * sess = va_arg (*args, snat_session_t *);
2207 s = format (s, " i2o %U\n", format_snat_key, &sess->in2out);
2208 s = format (s, " o2i %U\n", format_snat_key, &sess->out2in);
2209 s = format (s, " last heard %.2f\n", sess->last_heard);
2210 s = format (s, " total pkts %d, total bytes %lld\n",
2211 sess->total_pkts, sess->total_bytes);
2212 if (snat_is_session_static (sess))
2213 s = format (s, " static translation\n");
2215 s = format (s, " dynamic translation\n");
2220 u8 * format_snat_user (u8 * s, va_list * args)
2222 snat_main_per_thread_data_t * sm = va_arg (*args, snat_main_per_thread_data_t *);
2223 snat_user_t * u = va_arg (*args, snat_user_t *);
2224 int verbose = va_arg (*args, int);
2225 dlist_elt_t * head, * elt;
2226 u32 elt_index, head_index;
2228 snat_session_t * sess;
2230 s = format (s, "%U: %d dynamic translations, %d static translations\n",
2231 format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
2236 if (u->nsessions || u->nstaticsessions)
2238 head_index = u->sessions_per_user_list_head_index;
2239 head = pool_elt_at_index (sm->list_pool, head_index);
2241 elt_index = head->next;
2242 elt = pool_elt_at_index (sm->list_pool, elt_index);
2243 session_index = elt->value;
2245 while (session_index != ~0)
2247 sess = pool_elt_at_index (sm->sessions, session_index);
2249 s = format (s, " %U\n", format_snat_session, sm, sess);
2251 elt_index = elt->next;
2252 elt = pool_elt_at_index (sm->list_pool, elt_index);
2253 session_index = elt->value;
2260 u8 * format_snat_static_mapping (u8 * s, va_list * args)
2262 snat_static_mapping_t *m = va_arg (*args, snat_static_mapping_t *);
2265 s = format (s, "local %U external %U vrf %d",
2266 format_ip4_address, &m->local_addr,
2267 format_ip4_address, &m->external_addr,
2270 s = format (s, "%U local %U:%d external %U:%d vrf %d",
2271 format_snat_protocol, m->proto,
2272 format_ip4_address, &m->local_addr, m->local_port,
2273 format_ip4_address, &m->external_addr, m->external_port,
2279 static clib_error_t *
2280 show_snat_command_fn (vlib_main_t * vm,
2281 unformat_input_t * input,
2282 vlib_cli_command_t * cmd)
2285 snat_main_t * sm = &snat_main;
2287 snat_static_mapping_t *m;
2288 snat_interface_t *i;
2289 snat_address_t * ap;
2290 vnet_main_t *vnm = vnet_get_main();
2291 snat_main_per_thread_data_t *tsm;
2292 u32 users_num = 0, sessions_num = 0, *worker, *sw_if_index;
2295 if (unformat (input, "detail"))
2297 else if (unformat (input, "verbose"))
2300 if (sm->static_mapping_only)
2302 if (sm->static_mapping_connection_tracking)
2303 vlib_cli_output (vm, "SNAT mode: static mapping only connection "
2306 vlib_cli_output (vm, "SNAT mode: static mapping only");
2310 vlib_cli_output (vm, "SNAT mode: dynamic translations enabled");
2315 pool_foreach (i, sm->interfaces,
2317 vlib_cli_output (vm, "%U %s", format_vnet_sw_interface_name, vnm,
2318 vnet_get_sw_interface (vnm, i->sw_if_index),
2319 i->is_inside ? "in" : "out");
2322 if (vec_len (sm->auto_add_sw_if_indices))
2324 vlib_cli_output (vm, "SNAT pool addresses interfaces:");
2325 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
2327 vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm,
2328 vnet_get_sw_interface (vnm, *sw_if_index));
2332 vec_foreach (ap, sm->addresses)
2334 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
2335 #define _(N, i, n, s) \
2336 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
2337 foreach_snat_protocol
2342 if (sm->num_workers > 1)
2344 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
2347 vec_foreach (worker, sm->workers)
2349 vlib_worker_thread_t *w =
2350 vlib_worker_threads + *worker + sm->first_worker_index;
2351 vlib_cli_output (vm, " %s", w->name);
2356 if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
2358 vlib_cli_output (vm, "%d static mappings",
2359 pool_elts (sm->static_mappings));
2363 pool_foreach (m, sm->static_mappings,
2365 vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
2371 vec_foreach (tsm, sm->per_thread_data)
2373 users_num += pool_elts (tsm->users);
2374 sessions_num += pool_elts (tsm->sessions);
2377 vlib_cli_output (vm, "%d users, %d outside addresses, %d active sessions,"
2378 " %d static mappings",
2380 vec_len (sm->addresses),
2382 pool_elts (sm->static_mappings));
2386 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->in2out,
2388 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->out2in,
2390 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_in,
2392 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_out,
2394 vec_foreach_index (j, sm->per_thread_data)
2396 tsm = vec_elt_at_index (sm->per_thread_data, j);
2398 if (pool_elts (tsm->users) == 0)
2401 vlib_worker_thread_t *w = vlib_worker_threads + j;
2402 vlib_cli_output (vm, "Thread %d (%s at lcore %u):", j, w->name,
2404 vlib_cli_output (vm, " %d list pool elements",
2405 pool_elts (tsm->list_pool));
2407 pool_foreach (u, tsm->users,
2409 vlib_cli_output (vm, " %U", format_snat_user, tsm, u,
2414 if (pool_elts (sm->static_mappings))
2416 vlib_cli_output (vm, "static mappings:");
2417 pool_foreach (m, sm->static_mappings,
2419 vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
2428 VLIB_CLI_COMMAND (show_snat_command, static) = {
2429 .path = "show snat",
2430 .short_help = "show snat",
2431 .function = show_snat_command_fn,
2436 snat_ip4_add_del_interface_address_cb (ip4_main_t * im,
2439 ip4_address_t * address,
2441 u32 if_address_index,
2444 snat_main_t *sm = &snat_main;
2445 snat_static_map_resolve_t *rp;
2446 u32 *indices_to_delete = 0;
2450 for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
2452 if (sw_if_index == sm->auto_add_sw_if_indices[i])
2456 /* Don't trip over lease renewal, static config */
2457 for (j = 0; j < vec_len(sm->addresses); j++)
2458 if (sm->addresses[j].addr.as_u32 == address->as_u32)
2461 snat_add_address (sm, address);
2462 /* Scan static map resolution vector */
2463 for (j = 0; j < vec_len (sm->to_resolve); j++)
2465 rp = sm->to_resolve + j;
2466 /* On this interface? */
2467 if (rp->sw_if_index == sw_if_index)
2469 /* Add the static mapping */
2470 rv = snat_add_static_mapping (rp->l_addr,
2476 ~0 /* sw_if_index */,
2480 clib_warning ("snat_add_static_mapping returned %d",
2482 vec_add1 (indices_to_delete, j);
2485 /* If we resolved any of the outstanding static mappings */
2486 if (vec_len(indices_to_delete))
2489 for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
2490 vec_delete(sm->to_resolve, 1, j);
2491 vec_free(indices_to_delete);
2497 (void) snat_del_address(sm, address[0], 1);
2505 static int snat_add_interface_address (snat_main_t *sm,
2509 ip4_main_t * ip4_main = sm->ip4_main;
2510 ip4_address_t * first_int_addr;
2511 snat_static_map_resolve_t *rp;
2512 u32 *indices_to_delete = 0;
2515 first_int_addr = ip4_interface_first_address (ip4_main, sw_if_index,
2516 0 /* just want the address*/);
2518 for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
2520 if (sm->auto_add_sw_if_indices[i] == sw_if_index)
2524 /* if have address remove it */
2526 (void) snat_del_address (sm, first_int_addr[0], 1);
2529 for (j = 0; j < vec_len (sm->to_resolve); j++)
2531 rp = sm->to_resolve + j;
2532 if (rp->sw_if_index == sw_if_index)
2533 vec_add1 (indices_to_delete, j);
2535 if (vec_len(indices_to_delete))
2537 for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
2538 vec_del1(sm->to_resolve, j);
2539 vec_free(indices_to_delete);
2542 vec_del1(sm->auto_add_sw_if_indices, i);
2545 return VNET_API_ERROR_VALUE_EXIST;
2552 return VNET_API_ERROR_NO_SUCH_ENTRY;
2554 /* add to the auto-address list */
2555 vec_add1(sm->auto_add_sw_if_indices, sw_if_index);
2557 /* If the address is already bound - or static - add it now */
2559 snat_add_address (sm, first_int_addr);
2564 static clib_error_t *
2565 snat_add_interface_address_command_fn (vlib_main_t * vm,
2566 unformat_input_t * input,
2567 vlib_cli_command_t * cmd)
2569 snat_main_t *sm = &snat_main;
2570 unformat_input_t _line_input, *line_input = &_line_input;
2575 /* Get a line of input. */
2576 if (!unformat_user (input, unformat_line_input, line_input))
2579 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2581 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
2582 sm->vnet_main, &sw_if_index))
2584 else if (unformat (line_input, "del"))
2587 return clib_error_return (0, "unknown input '%U'",
2588 format_unformat_error, line_input);
2591 rv = snat_add_interface_address (sm, sw_if_index, is_del);
2599 return clib_error_return (0, "snat_add_interface_address returned %d",
2605 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2606 .path = "snat add interface address",
2607 .short_help = "snat add interface address <interface> [del]",
2608 .function = snat_add_interface_address_command_fn,
Code Review / vpp.git / blob